公开(公告)号：US09961066B1

公开(公告)日：2018-05-01

申请号：US15783587

申请日：2017-10-13

Applicant: Cloudflare, Inc.

Inventor： David Kitchen ,  Julien Desgats ,  Ben Cartwright-Cox ,  Sam Howson ,  Andrew Galloni

IPC: H04L29/06 ,  G06F21/33

CPC classification number: H04L63/0807 ,  G06F21/335 ,  H04L63/0838 ,  H04L63/0884 ,  H04L63/108 ,  H04L63/1458

Abstract: A method and an apparatus of limiting a rate at which traffic is received at an origin server are described. A first request for a resource at an origin server is received at a proxy server from a client device. A first response that includes a refresh instruction, a first refresh time, and a first cryptographic token that is not valid until a first predetermined time is reached is transmitted to the client device. The refresh instruction is to cause the client device to request the resource after the first refresh time has elapsed. A value of a first counter is incremented. As a result of the refresh instruction a second request for the resource is received from the client device. The second request includes the first cryptographic token. Responsive to determining that the first cryptographic token is valid, fulfilling the request.

公开(公告)号：US10171446B1

公开(公告)日：2019-01-01

申请号：US15939174

申请日：2018-03-28

Applicant: CLOUDFLARE, INC.

Inventor： David Kitchen ,  Julien Desgats ,  Ben Cartwright-Cox ,  Sam Howson ,  Andrew Galloni

IPC: H04L29/06 ,  G06F21/33

Abstract: A method and an apparatus of limiting a rate at which traffic is received at an origin server are described. A first request for a resource at an origin server is received at a proxy server from a client device. A first response that includes a refresh instruction, a first refresh time, and a first cryptographic token that is not valid until a first predetermined time is reached is transmitted to the client device. The refresh instruction is to cause the client device to request the resource after the first refresh time has elapsed. As a result of the refresh instruction a second request for the resource is received from the client device. The second request includes the first cryptographic token. Responsive to determining that the first cryptographic token is valid, fulfilling the request.